[Claim that vulnerabilities and number of viruses for an operating system have nothing to do with the quality of the operating system but with the popularity. And that other less popular operating systems will get as many security holes and viruses when they become as popular as the said operating system]

At worst, add a chunk of unused data to the end of the altered binary and flip bits until the MD5 matches. It's likely though that there are already sufficiently many places to alter it without causing any change in behavior.

You could craft two binaries with the same MD5 that do different things; however, you have to be in full control of both to do this. It's to all intents and purposes impossible to take someone else's binary and create another one that has an MD5 collision, is the same size, and actually runs.

Really? Let's try something new - maybe the Chinese don't care about your fat ass. There is no point. China is winning and you are losing. Learn to deal with it. Or go and build a big fence or whatever it is you ignorant morons do when you feel threatened. Also no sympathy from the rest of the world you torturing, family murdering morons.

And prohibitively expensive. If they had even a basic firewall and monitoring setup, this wouldn't have happened. Or maybe they could just keep their sensitive information on computers connected to the Internet.

Nor does an ad hominem invalidate the response. You have not addressed the issue of why hiring a random code monkey to implement security is a better solution than relying on the work of numerous security experts that has been validated by the security community. That's what I argued against, and you seem to think that who I know is more important than addressing the issue at hand.

I choose not to disclose my background or acquaintances. If you feel that makes my argument invalid, I honestly don't care.

I only replied because your reply was upmodded, which means that others seem to agree that attacking the speaker instead of the assertion has some kind of merit.

You made the faulty assumption that the military would hire a random code monkey for encryption, despite their history in the field predating Microsoft and Linux by decades. It's not my issue to address.

Most of the time that is just laziness in accounting. They take a repair kit that costs $2000 and divide it by the number of components. It doesn't matter that a single part costs 1900 and the hammer 30, everything is listed as 400.

MS Office has no business at all accessing the network. In a proper secure OS for use in this kind of government project, you would have a least-privilege policy at the process level (not at the user level).

The Microsoft Windows EULA basically states that they don't guarantee the software to be good for any kind of use, and Microsoft is not liable for any kind of harm the software causes. You're not allowed to use the software unless you agree to it. Because of this the government is under contractual obligation to not sue Microsoft.

Do you really think our NSA has no ability to spy for the US government in China? Assuming they do, they would never admit to anything publicly. Our country may be headed by morons, but our intelligence agencies are still formidable.

It is a wake-up call when a country, long scoffed at as economically backward and technologically challenged, can make a leap in a few short years and be: the creditor of the US, the economy about to overtake Germany as the world's second manufacturing colossus, the military technician that can immolate satellites, the galloping military machine with huge army reserves and a swollen navy. And all of this happening during an era besieged by the spectacle of immense global environmental change. Do you have to be an expert to spell trouble?

No. But you have to be stupid to be GWB spending all the money America has on an insane and financially stupid little war in the face of a rising China. The oil we could get will not make up for that 7 trillion in debt.

Could he be a Chinese mole? I just don't see any logic in his actions.

Nah, America has 300M serfs, lots of space and almost zero military threat.

If the Democratic Government collapses they won't care, they'll be even better off without it. The goal of the Plutocracy is to destroy the middle class and remove the Government from obstructing their greed.

Where have you been? The Chinese military build-up is impressive. From Japan to Australia the Pacific is worried. The "American War Machine" can't even subdue small players like Iraq or Afghanistan. You've got to stop living in a fantasy world.

Ha. No one in the Pacific is "worried". The USA very recently unilaterally removed the military restrictions on Japan; what was the purpose of that? To defend against China? No, for arms sales.

What is happening in Iraq or Afghanistan is the American military playing nice. They could subdue them if they weren't so worried about international pressure to not "push their luck" with the invasion / occupation.

The American military could have killed every Afghan or Iraqi years ago had they wished. Open warfare is not what you are seeing there; it's a police action.

Open war with China would be very different.

Don't get me wrong, I'm not a pro-America jingo, I don't think you appreciate the gap between American military spending (massive) and the rest of the planet (taken together, wouldn't equal what the USA spends).

America is the one that has repeatedly attacked China and its allies over the past 50 years.

China is only a threat if you assume that they will act like white people and force the rest of the world to do as they wish through the use of ultra aggressive military action and manipulative banking practices.

By that logic, a safe manufacturer is responsible for you losing all the items in a safe because you stuck a note to the front with the combination written on it. The last time I checked, Windows does not come with a guarantee of security - and if you don't take adequate steps to secure your system and limit access to it, who's really to blame?

Isolating a computer from the internet and human intervention usually does the trick. For anything else, you have to be stringent about what gets in. This is what firewalls and your building/department's security policies are for.

We are talking about the demise of the greatest civilization the planet has ever known.

Superiority complex, much?

In any case, why would the government of 'the greatest civilization on earth' trust a business concerned with profit to place as many resources as possible on security, something that won't bring them profit? It's not Microsoft's fault, it's your brain-dead military.

The difference is that you knew of that electrical problem and still shipped the product anyway, whereas Microsoft seems to be, time and time again, ignorant about their problems and relies instead on the security community to identify flaws in their products.

I'd be willing to bet that analysis of a given chunk of Windows code would yield substantial "hope nobody finds out about this because we can't fix it in time" kind of code.

I agree. It's probably about 50-50. Ignorant probably wasn't the best word to use.

I just find it hard to swallow that given their reputation over the past 10 years regarding security, its importance in their SDM doesn't seem to have increased. Or, maybe it has, but the effect is moot as their codebases have swelled exponentially.

Perhaps it will take a major incident of international espionage (followed by a charge of treason) before we notice a real difference.

Oh, I'm not denying there are other software vendors out there. I'm well aware, as I have to follow vulnerability disclosure as part of my responsibilities at my job. I was just "speaking up" as requested by the parent poster.